Topic: OPNsense IPTables and OpenVPN (Read 332 times)
TooTired
« on: September 01, 2024, 05:59:48 pm »
**** Apologies, I had originally written this post in "Tutorials and FAQ", so I encourage an Admin to delete that original post located here:
https://forum.opnsense.org/index.php?topic=42568.msg210846#msg210846
*****
Hello!
I want to configure a local gaming server hosted on my PC where my neighbors or relatives can connect to play classic games. Games like Quake, OpenRA, etc. I want my kids and relatives to see how games were when I was their age.
I want to use OpenVPN from within a virtual machine so that way when I allow a port forward (from my home router) it is to the VM rather than my host machine. If I turn off the VM then there is no endpoint for the port forward and nobody can use my VPN unless I have the VM running.
My previous experience working with something similar was a Xen setup using Debian that I had configured for a business to remotely access network resources. This worked very well but was my only time doing such a project and was about 10 years ago, so I forget a lot.
Here is my approach:
* Host my OpenVPN server using OPNsense within a QEMU/KVM virtual machine so that I can start / stop the VPN server by stopping the VM.
*********** What works ***********
So far I have OPNsense installed in a VM using QEMU/KVM, home router port forwarding to VM, OpenVPN configured on OPNsense. The system works well as long as I am using TUN (not TAP). I have between 50/20 Mbps throughput up/down.
************** What does not work *************
Now the problem is that I need to configure TAP because my game server was not visible to clients using the TUN interface. I can use my client to browse the internet but I have received errors in the log that "some routes were not successfully added. The connection may not function properly" and I cannot access a LAN game server hosted on the VM Host computer.
This attached image shows my configuration that I have just changed from TUN (where it worked) to TAP (does not work). Well... partially works.
******************** What I do not understand *****************
Since OPNsense is really an all-in-one solution, I do not understand where the GUI interface configuration options end, if any manual configuration (text files) is necessary. There are various resources about how to configure these text files (as I had done in the past) but I am confused by OPNsense because the terminal is limited.
I also see that for Linux there are some IPTABLES rules that must be added. Since OPNsense is based upon FreeBSD then I assume that they need to be added. Does OPNsense add these iptables rules automatically or is there some additional configuration needed from the command line? Should these rules be added to the VM or to the host, or both?
Something along the lines of:
-------------------- copy / paste from a different forum as an example ----------------------
# Allow traffic initiated from VPN to access LAN
iptables -I FORWARD -i tun0 -o eth0 \
-s 10.8.0.0/24 -d 192.168.0.0/24 \
-m conntrack --ctstate NEW -j ACCEPT
# Allow established traffic to pass back and forth
iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
-j ACCEPT
-----------------------------------------------------------------
I appreciate any clarification to help me (not too technical speak please... my degree is not IT) understand where OPNsense GUI configuration ends, if I need to configure any text files via terminal, and how to use the TAP interface between VM / Host.
« Last Edit: September 03, 2024, 07:09:10 pm by TooTired »